Phishing

(get it in RSS or Atom)

More iCloud phishing: don't get sucked in

by Paul Ducklin on February 6, 2015 | 4 Comments

It's easy to justify checking out spams and scams, on the "better safe than sorry" principle.

Don't do it!

You just end up one click closer to catastrophe.

Psychological profile-based security - could it work?

by John Zorabedian on January 23, 2015 | 5 Comments
Image of psychedelic background brain courtesy of Shutterstock.

Fujitsu's working on technology that can assign security countermeasures based on a user's psychological profile and risk tendencies - warning them ahead of time, before an attack can be carried out successfully.

"Obamacare" phishing email leads to banking malware‏

by Paul Ducklin on January 14, 2015 | Leave a comment
dol-fake-250

Unfortunately, official emails and web bulletins are a handy source of believable content for scammers.

This time, it's a Department of Labor bulletin "borrowed" to help distributed a variant of the infamous Vawtrak banking malware.

Phish of the Week - when adjectives just aren't enough

by Paul Ducklin on January 12, 2015 | 28 Comments

We aren't really supposed to chuckle at spams and scams.

But here's a phishing story that will make you smile yet still be educational...

SSCC 179 - What kind of a name is "Lizard Squad"? [PODCAST]

by Paul Ducklin on December 31, 2014 | Leave a comment

Here's the latest episode of our regular security podcast.

This week: phishing, spamming, zombification, SCADA and the Internet of Things, and the curiously named cybervandals that go by "Lizard Squad."

Can malware and hackers really cause giant physical disasters?

by Paul Ducklin on December 29, 2014 | 14 Comments

Could you really have a hacker or malware initiated meltdown?

Yes, says the 2014 report of the German Office for Information Security...

Yes, I got an iTunes gift card for Christmas - but HOW DID THE CROOKS KNOW THAT?

by Paul Ducklin on December 29, 2014 | 2 Comments

You *are* being doubly cautious for phishing campaigns over the holiday season, aren't you?

Spammers and scammers don't have to know anything about you to hit the bullseye in what might feel like a targeted attack.

The email that caused a literal meltdown - 60 Sec Security [VIDEO]

by Paul Ducklin on December 27, 2014 | Leave a comment

Enjoy the last episode of "60 Second Security" for 2014!

Learn from the week's news in just one minute...

SSCC 178 - Are we there yet? [PODCAST]

by Paul Ducklin on December 24, 2014 | Leave a comment

Here's the latest episode of our weekly security podcast.

Enjoy...and "Happy Holidays," whether you're away on vacation yourself, or a sysadmin enjoying the time when everyone else is on vacation!

Yes, ICANN keep your data safe...oops, sorry, no I can't - 60 Sec Security [VIDEO]

by Paul Ducklin on December 20, 2014 | Leave a comment

Time for the latest episode of our weekly 60 Second Security video!

The news, in just one minute...enjoy.

Spear-phishers grab emails from internet overseer ICANN

by Lisa Vaas on December 19, 2014 | 1 Comment
ICANN logo

Yes, the DNS overlord fell for spear phishing. No, the internet's spine was NOT broken, given that the intruders only gained "read", not "write", access. Thank goodness!

Don’t let the Grinch steal Christmas: how to avoid festive fraudsters

by Louisa Hardwick on December 18, 2014 | 1 Comment
Don’t let the Grinch steal Christmas: tips for avoiding festive fraudsters

Take a little more time to record what you've bought, from who or where, and how much it cost - and don't let your guard slip at this hectic time of year.

5 online scams to watch out for this Black Friday and Cyber Monday

by John Zorabedian on November 25, 2014 | Leave a comment
Special offer. Image courtesy of Shutterstock

The traditional kickoff to the holiday shopping season is also an opportune time for cybercriminals, scam artists and conmen to gear up their activities.

Here are the top 5 online scams to watch out for...

Old-time phishing scams are working just fine, Google finds

by Lisa Vaas on November 11, 2014 | 3 Comments
Old-time phishing scams are working just fine, Google finds

A new Google study has found that the true masterpieces of phishing are successful 45% of the time. It's just another example of how phishers may be old dogs, but they can sure learn new tricks.

SSCC 172 - Ransomware's not dead! [PODCAST]

by Paul Ducklin on November 5, 2014 | Leave a comment

Here's the latest episode of our weekly security podcast.

News you can use!

GATSO! Speed camera phish leads to CryptoLocker ransomware clone...

by Paul Ducklin on November 3, 2014 | 13 Comments
gatso-250

Recently, we came across an intriguing phishing campaign that combines two feared products of the information age.

Gatsos (speed cameras) and ransomware, rolled into one attack!

Google goes beyond two-step verification with new USB Security Key

by Lisa Vaas on October 23, 2014 | 13 Comments
Google 2SV

Google's adding support for a physical USB second factor that will first verify the login site as being a true Google website, not a fake site pretending to be Google, before it hands over a cryptographic signature.

Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

by Lisa Vaas on October 15, 2014 | 6 Comments
Attacker takes over Facebook page set up for 'Bucket List Baby' Shane, posts porn

A Facebook page set up to chronicle the extremely short life of a baby with the rare, terminal condition of anencephaly was hijacked within days of the infant's death and set to display lewd images. The parents, who had lost their child mere days before, fell for one of the most vile phishing attacks ever.

5 steps to lock down your webmail account

by John Hawes on October 14, 2014 | 8 Comments
5 steps to lock down your webmail account

For most people Gmail, Outlook.com or Yahoo! Mail is their main personal account. Here are some of the most important steps to keep unwanted people out of your web-based email account.